Privacy notice

Pursuant to Articles 13 and 14 of Regulation (EU) 2016/679 (“GDPR”)

1. Regulatory references

Communications sent via this communication box are processed by the Data Controller, DECALIA SIM S.p.A. (“DECALIA” or the “Company”), which provides the necessary, up-to-date information relating to the processing of your personal data.

2. Who processes the Data? The Data Controller, the Data Protection Officer and persons authorised to process the data

The entity that determines the data processing purposes and methods, i.e. the Data Controller, is DECALIA SIM S.p.A., with its registered office in Milan, Corso Europa 2, email:, Tel. 02.3211571.

All employees/other staff of the Company who have access/will have access to the Data, operate/will operate under the direct authority of the Data Controller, have been/will be given authorisation to process personal data, and have received adequate operating instructions in this regard.

The Company has appointed a Data Protection Officer (“DPO”), who can be contacted at the Company in Corso Europa n. 2 – 20122 Milan, email:

3. What Data will be processed and what are the sources used?

The Data communicated by you will be used to respond to the requests made by you to DECALIA.

The Data that will or may be processed by DECALIA is, in summary, your personal data, your contact details and the data included in the request.

By way of example, the Data processed, in detail, could be:

  1. Your name
  2. Your email address
  3. Other data communicated in relation to specific requests

4. For what purposes is the Data processed?

DECALIA will process the Data for the following purposes:

  1. Responding to communications sent.

5. What are the lawful bases for the processing?

The processing of the Data for the purposes listed is carried out:

  1. in performing the agreement or during the pre-contractual phase, in performing pre-contractual measures implemented at the request of the interested party.

6. Consequences of the failure to provide Data

If the Data requested is not supplied, DECALIA will be unable to respond to your requests.

7. Processing methods

The processing of the Data will be based on the principles of lawfulness, accuracy, transparency, proportionality and minimisation, which may be effected by automated methods suitable for saving, managing and transmitting the Data, and will be carried out using appropriate tools, as far as reasonable and taking into account the state of the art, to ensure security and confidentiality through the use of suitable processes that avoid the risk of loss, unauthorised access, illegal use or unauthorised disclosure.

8. Recipients

In addition to DECALIA employees and/or other staff authorised to carry out processing operations on the instructions and under the supervision of the Data Controller, who may become aware of the Data, the current data may be communicated to:

  1. DECALIA’s IT consultants;
  2. DECALIA’s legal advisers;
  3. persons that may access your Data by virtue of legal provisions or secondary or EU legislation.

The updated list of recipients may be consulted by writing to the following email address:

The Data will not be published or distributed to third parties.

9. Data retention period

The Data will be stored in paper and electronic format and retained for the period of time indicated below.

In this regard, it should be noted that the Data:

  1. necessary for performance of the contractual relationship with the Company will be kept for the entire period necessary to respond to requests, as well as for any additional periods stipulated by the legislation from time to time in force and applicable to the contractual relationship;
  2. necessary for enabling DECALIA to defend its rights in the event of disputes relating to the agreement that may be entered into with you/your company will be kept until six months following the expiry of the legal limitation period, in relation to each of the rights that each of the parties could seek to enforce in court or out of court, without prejudice to the additional retention period necessary in the event of pending legal proceedings. In the latter case, the Data will be kept until the final ruling has been issued.

10. Data transfer abroad

Your Data will be processed within EEA countries or in countries covered by a European Commission adequacy decision.

11. Your rights

You have the right to ask the Data Controller:

  1. to confirm that your Data is being processed, and, in this case, to access the Data and information referred to in Article 15 of the GDPR (purpose of the processing, categories of data, categories of recipients, data retention period);
  2. to rectify inaccurate Data;
  3. to supplement incomplete Data;
  4. to erase Data, in the cases provided for in law;
  5. to restrict the processing of Data, by marking the Data as restricted with the aim of restricting its processing in the future;
  6. to receive the Data in a structured format, which is commonly used and that can be read by an automatic device and transmitted to another data controller (“data portability”);
  7. to stop processing your Data if you withdraw your consent;
  8. to object to the processing of all or part of your Data, as provided for in law, where applicable;
  9. to not be subject to a decision based solely on automated processing, including profiling, which produces legal effects that concern you or which similarly affect you significantly;
  10. to file a complaint, pursuant to Article 77 of the GDPR, to the national supervisory authority of the EU member state in which you are habitually resident or have your place of work or where the alleged breach of your rights took place; if this State is Italy, the relevant entity is the Italian Data Protection Authority (Autorità Garante per la Protezione dei Dati Personali).

These rights may be exercised, inter alia, by writing to one of the following email addresses: or, or by contacting the Company using the contact details shown in point 2 of this notice.